1. Field
Various features relate to encryption, particularly encryption exploiting XTS block cipher modes for use with mobile computing devices.
2. Background
Block ciphers are employed in cryptography to improve the confidentiality of data stored within memory systems or other storage systems, particularly memory systems accessible by an attacker or other malicious entity. Typically, block ciphers employ a deterministic procedure or algorithm that operates on fixed-length groups of bits (i.e. blocks.) Block ciphers may be employed to implement the encryption of bulk data, such as data stored on off-chip memory devices used with System-on-a-Chip (SoC) processors of smartphones or other mobile computing devices. One example of a block cipher mode of operation is XTS-AES specified by the Institute of Electrical and Electronics Engineers (IEEE) Standard 1619-2007. See also National Institute of Standards and Technology (NIST) Special Publication 800-38E, “Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices”, June 2010. Note that XTS stands for “XEX Tweakable Block Cipher with Ciphertext Stealing” and XEX stands for “XOR Encrypt XOR.” AES refers to Advanced Encryption System.
Briefly, the XTS-AES mode is intended for the cryptographic protection of data on storage devices that use fixed length “data units.” The standard XTS block cipher mode uses fixed keys K1 and K2 that are intended to be kept secret and where, generally speaking, K1 operates on the data and K2 operates on the corresponding data unit indices. For certain applications, such as the retrieval of data stored on the memory devices of smartphones, the block cipher function utilizing K1 may be “stripped down” by reducing the number of rounds employed by the cipher to allow it to operate more quickly so as to reduce overall read latency. Such block ciphers are referred to as reduced-round block ciphers. In this regard, block ciphers may use invertible transformations known as round functions, where each iteration is referred to as a round. A reduced-round cipher may employ a truncated or reduced number of such rounds, e.g. sixteen rounds or iterations rather than thirty-two, relative to a full block cipher. Reduced-round ciphers, however, may render at least some of the keys less secure.
Therefore, there is a need to improve the confidentiality of data stored within storage systems such as memory systems accessible by an attacker or other malicious entity, particularly data encrypted using reduced-round ciphers.